Route Origin Authorization

$ rpki-client -vvf rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200229.roa
File:                     AS200229.roa (raw, json)
Hash identifier:          6tt7rwccUSkzPalzMGh+S833WmeL30hW4ui60Nf7NPM=
Subject key identifier:   F8:A1:21:FE:17:DC:B8:8F:9E:0E:1D:E4:43:CB:E9:8A:6A:A0:CD:C3
Certificate issuer:       /CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
Certificate serial:       54EFF2A5DA7EE02D82E43F70D0FF204E1EBC7599
Authority key identifier: 79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
Subject info access:      rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200229.roa
Signing time:             Tue 20 May 2025 07:00:42 +0000
ROA not before:           Tue 20 May 2025 06:55:42 +0000
ROA not after:            Tue 19 May 2026 07:00:42 +0000
asID:                     200229
IP address blocks:        103.139.89.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl
                          rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 04 Jun 2025 08:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:ef:f2:a5:da:7e:e0:2d:82:e4:3f:70:d0:ff:20:4e:1e:bc:75:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=799438f1b1762aeef8a35cf4e6cbae97699bd020
        Validity
            Not Before: May 20 06:55:42 2025 GMT
            Not After : May 19 07:00:42 2026 GMT
        Subject: CN=F8A121FE17DCB88F9E0E1DE443CBE98A6AA0CDC3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:29:91:03:66:fd:a7:b0:c4:1c:f3:a1:97:da:
                    41:81:32:0a:06:8b:26:72:36:e0:bc:b9:60:aa:47:
                    a8:6a:b2:f4:07:38:eb:bc:96:63:6d:36:09:0b:e3:
                    1d:96:32:c4:06:01:cd:39:e6:57:3f:81:20:47:b9:
                    65:48:8e:40:bd:f4:fd:f5:28:d7:95:e4:a3:e8:6f:
                    e1:e5:15:43:ad:3b:a8:6e:ba:6f:b3:9e:fd:e4:91:
                    47:9f:e0:3e:99:97:c4:b5:f2:24:ed:54:65:30:86:
                    ec:fc:7e:ca:a1:d9:6c:87:22:a0:1a:2e:3f:74:60:
                    27:48:98:11:40:78:ba:97:44:7b:cf:dc:60:da:b5:
                    a2:50:30:30:13:b3:b9:5d:35:3a:49:f3:7d:c5:a1:
                    b0:18:4e:8f:ff:c6:2a:ca:e5:d2:a9:18:6e:1d:cb:
                    44:a2:64:d6:88:01:27:c6:f0:4d:82:78:d4:be:ce:
                    0e:6d:84:70:d6:1e:c4:6c:d5:e7:8e:db:af:f6:dd:
                    8b:c0:a0:18:45:a0:3f:4b:65:5e:7a:fc:f2:e5:a1:
                    e7:16:1b:d8:1c:5d:cd:51:10:6b:f6:af:59:a6:e4:
                    3b:73:67:df:44:6c:94:03:17:4e:c1:64:8e:42:36:
                    bc:31:d1:b0:1c:c8:70:2a:80:fb:08:41:0e:1a:e1:
                    f8:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:A1:21:FE:17:DC:B8:8F:9E:0E:1D:E4:43:CB:E9:8A:6A:A0:CD:C3
            X509v3 Authority Key Identifier:
                keyid:79:94:38:F1:B1:76:2A:EE:F8:A3:5C:F4:E6:CB:AE:97:69:9B:D0:20

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/799438F1B1762AEEF8A35CF4E6CBAE97699BD020.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eZQ48bF2Ku74o1z05suul2mb0CA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rps.arin.net/repository/8a848adf850d063e0185755c91be3f9d/2/AS200229.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:3a:cb:a6:a5:b4:9b:5b:a1:07:e6:43:6e:b4:15:d2:91:13:
         0c:13:fa:ce:d0:ae:51:95:71:f9:ed:0c:94:8a:03:a7:e3:69:
         a9:d3:45:92:59:f6:a7:47:8c:99:93:f0:7a:62:8b:92:ec:c4:
         f5:5d:c2:d1:b7:92:ab:76:89:e2:a4:d0:2d:79:84:3e:ae:bf:
         80:92:fa:63:97:6e:43:d1:a8:16:73:0a:af:97:ad:41:a9:8f:
         9d:c1:46:7b:9d:75:3d:fe:14:91:50:3d:b0:ff:f8:98:14:82:
         f0:a6:3c:6f:9e:2d:73:ef:e5:e4:e5:ba:6a:b1:82:fc:b3:52:
         be:51:30:21:30:d5:cc:2c:b0:8b:26:b8:bf:90:ce:33:fb:34:
         66:bf:da:ac:b4:7e:58:6b:66:0c:26:44:a9:f7:17:a9:cd:e2:
         f9:cc:9d:33:51:36:43:70:1b:2c:a2:2d:a2:ff:6f:2c:ee:03:
         74:e1:f0:34:68:a7:12:01:71:cd:cd:5f:66:21:29:85:39:98:
         0f:98:30:5d:7b:72:de:0c:98:f2:83:7c:bc:b4:2d:c5:d4:d1:
         5c:63:e0:0f:39:d3:b4:45:e8:fa:80:d1:23:37:22:29:bb:93:
         f7:8a:86:69:fe:96:f9:5a:0c:80:fd:d8:05:2b:ec:71:36:6d:
         a4:5f:35:46
-----BEGIN CERTIFICATE-----
MIIE5TCCA82gAwIBAgIUVO/ypdp+4C2C5D9w0P8gTh68dZkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNzk5NDM4ZjFiMTc2MmFlZWY4YTM1Y2Y0ZTZjYmFlOTc2
OTliZDAyMDAeFw0yNTA1MjAwNjU1NDJaFw0yNjA1MTkwNzAwNDJaMDMxMTAvBgNV
BAMTKEY4QTEyMUZFMTdEQ0I4OEY5RTBFMURFNDQzQ0JFOThBNkFBMENEQzMwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/KZEDZv2nsMQc86GX2kGBMgoG
iyZyNuC8uWCqR6hqsvQHOOu8lmNtNgkL4x2WMsQGAc055lc/gSBHuWVIjkC99P31
KNeV5KPob+HlFUOtO6huum+znv3kkUef4D6Zl8S18iTtVGUwhuz8fsqh2WyHIqAa
Lj90YCdImBFAeLqXRHvP3GDataJQMDATs7ldNTpJ833FobAYTo//xirK5dKpGG4d
y0SiZNaIASfG8E2CeNS+zg5thHDWHsRs1eeO26/23YvAoBhFoD9LZV56/PLloecW
G9gcXc1REGv2r1mm5DtzZ99EbJQDF07BZI5CNrwx0bAcyHAqgPsIQQ4a4fj/AgMB
AAGjggHvMIIB6zAdBgNVHQ4EFgQU+KEh/hfcuI+eDh3kQ8vpimqgzcMwHwYDVR0j
BBgwFoAUeZQ48bF2Ku74o1z05suul2mb0CAwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3Jwa2ktcnBzLmFyaW4ubmV0L3JlcG9zaXRv
cnkvOGE4NDhhZGY4NTBkMDYzZTAxODU3NTVjOTFiZTNmOWQvMi83OTk0MzhGMUIx
NzYyQUVFRjhBMzVDRjRFNkNCQUU5NzY5OUJEMDIwLmNybDBkBggrBgEFBQcBAQRY
MFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZVpRNDhiRjJLdTc0bzF6MDVzdXVsMm1iMENBLmNlcjBwBggrBgEF
BQcBCwRkMGIwYAYIKwYBBQUHMAuGVHJzeW5jOi8vcnBraS1ycHMuYXJpbi5uZXQv
cmVwb3NpdG9yeS84YTg0OGFkZjg1MGQwNjNlMDE4NTc1NWM5MWJlM2Y5ZC8yL0FT
MjAwMjI5LnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEH
AQH/BBAwDjAMBAIAATAGAwQAZ4tZMA0GCSqGSIb3DQEBCwUAA4IBAQA7OsumpbSb
W6EH5kNutBXSkRMME/rO0K5RlXH57QyUigOn42mp00WSWfanR4yZk/B6YouS7MT1
XcLRt5KrdonipNAteYQ+rr+Akvpjl25D0agWcwqvl61BqY+dwUZ7nXU9/hSRUD2w
//iYFILwpjxvni1z7+Xk5bpqsYL8s1K+UTAhMNXMLLCLJri/kM4z+zRmv9qstH5Y
a2YMJkSp9xepzeL5zJ0zUTZDcBssoi2i/28s7gN04fA0aKcSAXHNzV9mISmFOZgP
mDBde3LeDJjyg3y8tC3F1NFcY+APOdO0Rej6gNEjNyIpu5P3ioZp/pb5WgyA/dgF
K+xxNm2kXzVG
-----END CERTIFICATE-----